The Balance Between Open Data and Privacy

The founder of the World Wide Web, Sir Tim Berners-Lee, has thrown his weight behind an index that attempts to rank the nations of the world, or a subset of them, according to the impact the Web has made on them. Included in that calculation is an idea of the openness of data—that free and open data is a good thing.

But is that assumption correct? Is there such a thing as being too open, of data being too free? At some point is there not a risk that opening data is closing privacy?

Professor Nigel Shadbolt of the U.K.’s Southampton University, Mr. Berners-Lee’s colleague at the country’s soon-to-be-opened Open Data Institute, certainly believes that the time is right for the U.K. to face up to the moral entanglement of open data and privacy. He has called for a Warnock-style commission into the issue.

In 1984 the U.K commissioned an inquiry into human fertilization and embryology, chaired by the British philosopher Dame Mary Warnock. It laid the ground for the ensuing legislation but crucially, said Mr. Shadbolt, the report was commissioned in advance of the technology. It sought answers to problems that had been anticipated but not yet encountered, and to construct a moral, rather than legal, framework.

“Within the broad limits of legislation there is room for different, and perhaps much more stringent, moral rules,” the report said. “What is legally permissible may be thought of as the minimum requirement for a tolerable society.”

Speaking earlier to The Wall Street Journal about privacy, Mr. Shadbolt said it is often said, “We give up on privacy because we live in the Panopticon. A lot of people think there is an inevitability about this [loss of privacy]. But the availability of data does not sanction its use.”

The commission “had a broad range of scenarios that were technically plausible and asked themselves what does a democratic society with our kind of values want?”

According to Harvey Lewis, analytics research director at consultants Deloitte, the Warnock report was a template for such an inquiry. “One thing the report did very well was its focus on the individual as the center of the discussion. Exactly the same principle should apply to data.”

It was necessary, said Mr. Lewis, to distinguish between anonymity and privacy. In much of our day-to-day lives and our dealings with organizations we are not, nor would it be desirable to be, anonymous. But, says Mr. Lewis, just because a company knows who you are, that does not abnegate its duties to your privacy. Setting aside the legal and moral issues, it is simply good business sense.

According to a recent Deloitte report, the top two issues that would make a customer consider never using a company again are data-related: 70% of customers said they would consider breaking off the relationship if the company failed to keep their personal data safe; 56% said that selling anonymized data—data that had personally identifiable information removed—to other companies would potentially result in similar action.

However, Mr. Lewis was skeptical that the time was right for such an inquiry. “I don’t think we are there yet. I think calling for a full-blown commission may well be counter-productive.”

The problem, says Mr. Lewis, is that in order for a debate to have meaning, the issue need to be fully understood by all parties. This, he suggests, is some way off.

“All organizations need to be thinking about the way they use data, not just in terms of the company’s needs, but the balance between its needs and the needs of the customer or citizen. It is all too easy for businesses to focus on the benefits to them and not properly understand the costs and benefits to the individual.”

Likewise, consumers, while aware that data is collected on them, have yet to fully understand the implications of it.

“People don’t know what is being done with their data nor what the benefits are. You cannot judge what the trade-off is between data collection and the potential harm unless you understand what the potential benefits could be.”

But personal data activist William Heath, Chairman and Co-Founder of Mydex, a start up offering personal data storage, suggests that simply to tackle the issue of privacy is to miss the bigger picture.

“Who should rightfully control personal data?” He asks. “How can we uphold personal dignity in a world where organizations know a huge amount about individuals and is that right and is that the sort of society we want?”

There is a whole wave of businesses that have been built up on extracting the value from personal data collected as internet users carry out their daily lives on line. “Who owns that data? Who gets to extract value from it? There would be a lot of people very happy just to look at privacy and not the wider context.”

The control of personal data has become a key policy for the European Commission, and Viviane Reding, European Commissioner for Justice, has been driving the calls for reform. Ms. Reding has rejected a national approach, and instead called for pan-European legislation. But with the differing attitudes to privacy across the 27 EU members, that looks like a tough battle. Just take one country, Germany, and its seemingly contradictory attitudes to personal privacy; Google 's photographing of buildings causes public outcry, yet naked sunbathing doesn’t even raise an eyebrow. Finding consensus could take some time.

About Tech Europe

Tech Europe covers Europe’s technology leaders, their companies, and the people and industries that support them — and their ideas. The blog is edited by Ben Rooney, with contributions from The Wall Street Journal and Dow Jones Newswires.